diff options
author | Roopa Prabhu <roopa@cumulusnetworks.com> | 2017-10-06 22:12:39 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2017-10-08 21:12:04 -0700 |
commit | ed842faeb2bd49256f00485402f3113205f91d30 (patch) | |
tree | 029596be24ac5a1203381c0661d35115b82e5d97 /net/bridge/br_input.c | |
parent | 057658cb33fbf4d4309f01fe8845903b1cd07fad (diff) |
bridge: suppress nd pkts on BR_NEIGH_SUPPRESS ports
This patch avoids flooding and proxies ndisc packets
for BR_NEIGH_SUPPRESS ports.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/bridge/br_input.c')
-rw-r--r-- | net/bridge/br_input.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c index 4b8d2ec2fa23..a096d3e189da 100644 --- a/net/bridge/br_input.c +++ b/net/bridge/br_input.c @@ -119,6 +119,17 @@ int br_handle_frame_finish(struct net *net, struct sock *sk, struct sk_buff *skb (skb->protocol == htons(ETH_P_ARP) || skb->protocol == htons(ETH_P_RARP))) { br_do_proxy_suppress_arp(skb, br, vid, p); + } else if (IS_ENABLED(CONFIG_IPV6) && + skb->protocol == htons(ETH_P_IPV6) && + br->neigh_suppress_enabled && + pskb_may_pull(skb, sizeof(struct ipv6hdr) + + sizeof(struct nd_msg)) && + ipv6_hdr(skb)->nexthdr == IPPROTO_ICMPV6) { + struct nd_msg *msg, _msg; + + msg = br_is_nd_neigh_msg(skb, &_msg); + if (msg) + br_do_suppress_nd(skb, br, vid, p, msg); } switch (pkt_type) { |